add endpoints ec2messages, ssmmessages as those are required by Systems...

add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm.

add endpoints ec2messages, ssmmessages as those are required by Systems...
add endpoints ec2messages, ssmmessages as those are required by Systems Manager in addition to ec2 and ssm.
c1c37368 · thebugfinder · ef0d14c8 · c1c37368 · c1c37368 · c1c37368
Commit c1c37368 authored Jan 22, 2019 by thebugfinder
Show whitespace changes
Inline Side-by-side

Showing with 116 additions and 4 deletions

main.tf main.tf +46 -4

outputs.tf outputs.tf +30 -0

variables.tf variables.tf +40 -0

No files found.
--- a/main.tf
+++ b/main.tf
@@ -404,9 +404,9 @@ resource "aws_vpc_endpoint_route_table_association" "public_dynamodb" {
  route_table_id  = "${aws_route_table.public.id}"
 }
-######################
+#######################
 # VPC Endpoint for SSM
-######################
+#######################
 data "aws_vpc_endpoint_service" "ssm" {
  count = "${var.create_vpc && var.enable_ssm_endpoint ? 1 : 0}"
@@ -425,9 +425,30 @@ resource "aws_vpc_endpoint" "ssm" {
  private_dns_enabled = "${var.ssm_endpoint_private_dns_enabled}"
 }
-######################
+###############################
+# VPC Endpoint for SSMMESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ssmmessages" {
+  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+  service = "ssmmessages"
+}
+resource "aws_vpc_endpoint" "ssmmessages" {
+  count = "${var.create_vpc && var.enable_ssmmessages_endpoint ? 1 : 0}"
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ssmmessages.service_name}"
+  vpc_endpoint_type = "Interface"
+  security_group_ids  = ["${var.ssmmessages_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ssmmessages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ssmmessages_endpoint_private_dns_enabled}"
+}
+#######################
 # VPC Endpoint for EC2
-######################
+#######################
 data "aws_vpc_endpoint_service" "ec2" {
  count = "${var.create_vpc && var.enable_ec2_endpoint ? 1 : 0}"
@@ -446,6 +467,27 @@ resource "aws_vpc_endpoint" "ec2" {
  private_dns_enabled = "${var.ec2_endpoint_private_dns_enabled}"
 }
+###############################
+# VPC Endpoint for EC2MESSAGES
+###############################
+data "aws_vpc_endpoint_service" "ec2messages" {
+  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+  service = "ec2messages"
+}
+resource "aws_vpc_endpoint" "ec2messages" {
+  count = "${var.create_vpc && var.enable_ec2messages_endpoint ? 1 : 0}"
+  vpc_id            = "${local.vpc_id}"
+  service_name      = "${data.aws_vpc_endpoint_service.ec2messages.service_name}"
+  vpc_endpoint_type = "Interface"
+  security_group_ids  = ["${var.ec2messages_endpoint_security_group_ids}"]
+  subnet_ids          = ["${coalescelist(var.ec2messages_endpoint_subnet_ids, aws_subnet.private.*.id)}"]
+  private_dns_enabled = "${var.ec2messages_endpoint_private_dns_enabled}"
+}
 ##########################
 # Route table association
 ##########################

--- a/outputs.tf
+++ b/outputs.tf
@@ -294,6 +294,21 @@ output "vpc_endpoint_ssm_dns_entry" {
  value       = "${flatten(aws_vpc_endpoint.ssm.*.dns_entry)}"
 }
+output "vpc_endpoint_ssmmessages_id" {
+  description = "The ID of VPC endpoint for SSMMESSAGES"
+  value       = "${element(concat(aws_vpc_endpoint.ssmmessages.*.id, list("")), 0)}"
+}
+output "vpc_endpoint_ssmmessages_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for SSMMESSAGS."
+  value       = "${flatten(aws_vpc_endpoint.ssmmessages.*.network_interface_ids)}"
+}
+output "vpc_endpoint_ssmmessages_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for SSMMESSAGES."
+  value       = "${flatten(aws_vpc_endpoint.ssmmessages.*.dns_entry)}"
+}
 output "vpc_endpoint_ec2_id" {
  description = "The ID of VPC endpoint for EC2"
  value       = "${element(concat(aws_vpc_endpoint.ec2.*.id, list("")), 0)}"
@@ -309,6 +324,21 @@ output "vpc_endpoint_ec2_dns_entry" {
  value       = "${flatten(aws_vpc_endpoint.ec2.*.dns_entry)}"
 }
+output "vpc_endpoint_ec2messages_id" {
+  description = "The ID of VPC endpoint for EC2MESSAGES"
+  value       = "${element(concat(aws_vpc_endpoint.ec2messages.*.id, list("")), 0)}"
+}
+output "vpc_endpoint_ec2messages_network_interface_ids" {
+  description = "One or more network interfaces for the VPC Endpoint for EC2MESSAGES"
+  value       = "${flatten(aws_vpc_endpoint.ec2messages.*.network_interface_ids)}"
+}
+output "vpc_endpoint_ec2messages_dns_entry" {
+  description = "The DNS entries for the VPC Endpoint for EC2MESSAGES."
+  value       = "${flatten(aws_vpc_endpoint.ec2messages.*.dns_entry)}"
+}
 # Static values (arguments)
 output "azs" {
  description = "A list of availability zones specified as argument to this module"

--- a/variables.tf
+++ b/variables.tf
@@ -198,6 +198,26 @@ variable "ssm_endpoint_private_dns_enabled" {
  default     = false
 }
+variable "enable_ssmmessages_endpoint" {
+  description = "Should be true if you want to provision a SSMMESSAGES endpoint to the VPC"
+  default     = false
+}
+variable "ssmmessages_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for SSMMESSAGES endpoint"
+  default     = []
+}
+variable "ssmmessages_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for SSMMESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
+variable "ssmmessages_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for SSMMESSAGES endpoint"
+  default     = false
+}
 variable "enable_ec2_endpoint" {
  description = "Should be true if you want to provision an EC2 endpoint to the VPC"
  default     = false
@@ -218,6 +238,26 @@ variable "ec2_endpoint_subnet_ids" {
  default     = []
 }
+variable "enable_ec2messages_endpoint" {
+  description = "Should be true if you want to provision an EC2MESSAGES endpoint to the VPC"
+  default     = false
+}
+variable "ec2messages_endpoint_security_group_ids" {
+  description = "The ID of one or more security groups to associate with the network interface for EC2MESSAGES endpoint"
+  default     = []
+}
+variable "ec2messages_endpoint_private_dns_enabled" {
+  description = "Whether or not to associate a private hosted zone with the specified VPC for EC2MESSAGES endpoint"
+  default     = false
+}
+variable "ec2messages_endpoint_subnet_ids" {
+  description = "The ID of one or more subnets in which to create a network interface for EC2MESSAGES endpoint. Only a single subnet within an AZ is supported. If omitted, private subnets will be used."
+  default     = []
+}
 variable "map_public_ip_on_launch" {
  description = "Should be false if you do not want to auto-assign public IP on launch"
  default     = true